svn commit: r346252 - in head/usr.sbin/cron: cron crontab

Ian Lepore ian at freebsd.org
Tue Sep 3 14:07:45 UTC 2019 

On Mon, 2019-04-15 at 18:53 +0000, Kyle Evans wrote:
> Author: kevans
> Date: Mon Apr 15 18:53:28 2019
> New Revision: 346252
> URL: https://svnweb.freebsd.org/changeset/base/346252
> 
> Log:
>   cron(8): Add MAILFROM ability for crontabs
>   
>   This changes the sender mail address in a similar fashion to how MAILTO may
>   change the recipient. The default from address remains unchanged.
>   
>   MFC after:	1 week
> 
> Modified:
>   head/usr.sbin/cron/cron/cron.8
>   head/usr.sbin/cron/cron/do_command.c
>   head/usr.sbin/cron/crontab/crontab.5
> 

Is this going to allow normal users to spoof the From: using private
crontabs?  That sounds mildly dangerous.

-- Ian

> Modified: head/usr.sbin/cron/cron/cron.8
> =====================================================================
> =========
> --- head/usr.sbin/cron/cron/cron.8	Mon Apr 15 18:49:04 2019	(r346
> 251)
> +++ head/usr.sbin/cron/cron/cron.8	Mon Apr 15 18:53:28 2019	(r346
> 252)
> @@ -17,7 +17,7 @@
>  .\"
>  .\" $FreeBSD$
>  .\"
> -.Dd July 19, 2017
> +.Dd April 15, 2019
>  .Dt CRON 8
>  .Os
>  .Sh NAME
> @@ -79,6 +79,9 @@ commands, any output is mailed to the owner of the
> cro
>  named in the
>  .Ev MAILTO
>  environment variable in the crontab, if such exists).
> +The from address of this mail may be set with the
> +.Ev MAILFROM
> +environment variable.
>  .Pp
>  Additionally,
>  .Nm
> 
> Modified: head/usr.sbin/cron/cron/do_command.c
> =====================================================================
> =========
> --- head/usr.sbin/cron/cron/do_command.c	Mon Apr 15 18:49:04
> 2019	(r346251)
> +++ head/usr.sbin/cron/cron/do_command.c	Mon Apr 15 18:53:28
> 2019	(r346252)
> @@ -93,7 +93,7 @@ child_process(e, u)
>  {
>  	int		stdin_pipe[2], stdout_pipe[2];
>  	register char	*input_data;
> -	char		*usernm, *mailto;
> +	char		*usernm, *mailto, *mailfrom;
>  	int		children = 0;
>  # if defined(LOGIN_CAP)
>  	struct passwd	*pwd;
> @@ -111,6 +111,7 @@ child_process(e, u)
>  	 */
>  	usernm = env_get("LOGNAME", e->envp);
>  	mailto = env_get("MAILTO", e->envp);
> +	mailfrom = env_get("MAILFROM", e->envp);
>  
>  #ifdef PAM
>  	/* use PAM to see if the user's account is available,
> @@ -503,8 +504,12 @@ child_process(e, u)
>  					warn("%s", MAILCMD);
>  					(void) _exit(ERROR_EXIT);
>  				}
> -				fprintf(mail, "From: Cron Daemon
> <%s@%s>\n",
> -					usernm, hostname);
> +				if (mailfrom == NULL || *mailfrom ==
> '\0')
> +					fprintf(mail, "From: Cron
> Daemon <%s@%s>\n",
> +					    usernm, hostname);
> +				else
> +					fprintf(mail, "From: Cron
> Daemon <%s>\n",
> +					    mailfrom);
>  				fprintf(mail, "To: %s\n", mailto);
>  				fprintf(mail, "Subject: Cron <%s@%s>
> %s\n",
>  					usernm, first_word(hostname,
> "."),
> 
> Modified: head/usr.sbin/cron/crontab/crontab.5
> =====================================================================
> =========
> --- head/usr.sbin/cron/crontab/crontab.5	Mon Apr 15 18:49:04
> 2019	(r346251)
> +++ head/usr.sbin/cron/crontab/crontab.5	Mon Apr 15 18:53:28
> 2019	(r346252)
> @@ -17,7 +17,7 @@
>  .\"
>  .\" $FreeBSD$
>  .\"
> -.Dd June 6, 2018
> +.Dd April 15, 2019
>  .Dt CRONTAB 5
>  .Os
>  .Sh NAME
> @@ -116,6 +116,9 @@ If
>  .Ev MAILTO
>  is defined (and non-empty), mail is
>  sent to the user so named.
> +If
> +.Ev MAILFROM
> +is defined (and non-empty), its value will be used as the from
> address.
>  .Ev MAILTO
>  may also be used to direct mail to multiple recipients
>  by separating recipient users with a comma.
>

More information about the svn-src-all mailing list